Lucene search

DebianDEBIAN:DLA-783-1:C56BC

HistoryJan 13, 2017 - 8:15 p.m.

[SECURITY] [DLA 783-1] xen security update

2017-01-1320:15:00

lists.debian.org

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

Package : xen
Version : 4.1.6.lts1-5
CVE ID : CVE-2016-10013 CVE-2016-10024

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2016-10013 (xsa-204)

Xen mishandles SYSCALL singlestep during emulation which can lead to
privilege escalation. The vulnerability is only exposed to 64-bit x86
HVM guests.

CVE-2016-10024 (xsa-202)

PV guests may be able to mask interrupts causing a Denial of Service.

For Debian 7 "Wheezy", these problems have been fixed in version
4.1.6.lts1-5.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian7amd64xen-hypervisor-4.1-amd64< 4.1.6.lts1-5xen-hypervisor-4.1-amd64_4.1.6.lts1-5_amd64.deb
Debian7amd64xen-utils-4.1< 4.1.6.lts1-5xen-utils-4.1_4.1.6.lts1-5_amd64.deb
Debian7amd64xenstore-utils< 4.1.6.lts1-5xenstore-utils_4.1.6.lts1-5_amd64.deb
Debian8arm64libxen-dev< 4.4.1-9+deb8u9libxen-dev_4.4.1-9+deb8u9_arm64.deb
Debian7allxen-docs-4.1< 4.1.6.lts1-5xen-docs-4.1_4.1.6.lts1-5_all.deb
Debian7i386xen-system-amd64< 4.1.6.lts1-5xen-system-amd64_4.1.6.lts1-5_i386.deb
Debian8arm64xen-hypervisor-4.4-arm64< 4.4.1-9+deb8u9xen-hypervisor-4.4-arm64_4.4.1-9+deb8u9_arm64.deb
Debian7i386xen-hypervisor-4.1-i386< 4.1.6.lts1-5xen-hypervisor-4.1-i386_4.1.6.lts1-5_i386.deb
Debian7amd64libxen-ocaml< 4.1.6.lts1-5libxen-ocaml_4.1.6.lts1-5_amd64.deb
Debian8arm64xen-system-arm64< 4.4.1-9+deb8u9xen-system-arm64_4.4.1-9+deb8u9_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	amd64	xen-hypervisor-4.1-amd64	< 4.1.6.lts1-5	xen-hypervisor-4.1-amd64_4.1.6.lts1-5_amd64.deb
Debian	7	amd64	xen-utils-4.1	< 4.1.6.lts1-5	xen-utils-4.1_4.1.6.lts1-5_amd64.deb
Debian	7	amd64	xenstore-utils	< 4.1.6.lts1-5	xenstore-utils_4.1.6.lts1-5_amd64.deb
Debian	8	arm64	libxen-dev	< 4.4.1-9+deb8u9	libxen-dev_4.4.1-9+deb8u9_arm64.deb
Debian	7	all	xen-docs-4.1	< 4.1.6.lts1-5	xen-docs-4.1_4.1.6.lts1-5_all.deb
Debian	7	i386	xen-system-amd64	< 4.1.6.lts1-5	xen-system-amd64_4.1.6.lts1-5_i386.deb
Debian	8	arm64	xen-hypervisor-4.4-arm64	< 4.4.1-9+deb8u9	xen-hypervisor-4.4-arm64_4.4.1-9+deb8u9_arm64.deb
Debian	7	i386	xen-hypervisor-4.1-i386	< 4.1.6.lts1-5	xen-hypervisor-4.1-i386_4.1.6.lts1-5_i386.deb
Debian	7	amd64	libxen-ocaml	< 4.1.6.lts1-5	libxen-ocaml_4.1.6.lts1-5_amd64.deb
Debian	8	arm64	xen-system-arm64	< 4.4.1-9+deb8u9	xen-system-arm64_4.4.1-9+deb8u9_arm64.deb